544
Examples
# Create the IKE keychain
key1
.
<Sysname> system-view
[Sysname] ike keychain key1
# Apply the IKE keychain
key1
to the interface with the IP address
2.2.2.2
in the VPN instance
vpn1
.
[sysname-ike-keychain-key1] match local address 2.2.2.2 vpn-instance vpn1
match local address (IKE profile view)
Use
match local address
to specify a local interface or IP address to which an IKE profile can be
applied.
Use
undo match local address
to restore the default.
Syntax
match local address
{
interface-type interface-number
| {
ipv4-address |
ipv6
ipv6-address
}
[
vpn-instance
vpn-instance-name
] }
undo match
local address
Default
An IKE profile can be applied to any local interface or IP address.
Views
IKE profile view
Predefined user roles
network-admin
Parameters
interface-type interface-number
: Specifies a local interface. It can be any Layer 3 interface.
ipv4-address
: Specifies the IPv4 address of a local interface.
ipv6
ipv6-address
: Specifies the IPv6 address of a local interface.
vpn-instance
vpn-instance-name
: Specifies the MPLS L3VPN instance to which the IPv4 or IPv6
address belongs. The
vpn-instance-name
argument represents the VPN instance name, a
case-sensitive string of 1 to 31 characters. To specify an IP address on the public network, do not
specify this option.
Usage guidelines
Use this command to specify which address or interface can use the IKE profile for IKE negotiation.
Specify the local address configured in IPsec policy or IPsec policy template view (using the
local-address
command) for this command. If no local address is configured, specify the IP address
of the interface that uses the IPsec policy.
An IKE profile configured earlier has a higher priority. To give an IKE profile that is configured later a
higher priority, you can configure this command for the profile. For example, suppose you configured
IKE profile A before configuring IKE profile B, and you configured the
match remote identity
address range 2.2.2.1 2.2.2.100
command for IKE profile A and the
match remote identity
address range 2.2.2.1 2.2.2.10
command for IKE profile B. For the local interface with the IP
address 3.3.3.3 to negotiate with the peer 2.2.2.6, IKE profile A is preferred because IKE profile A
was configured earlier. To use IKE profile B, you can use this command to restrict the application
scope of IKE profile B to address 3.3.3.3.
Examples
# Create the IKE profile
prof1
.